Hello. How to close a vulnerability for my VPS server (Ubuntu 14.04 + Apache 2.4.7)?

Site https://www.ssllabs.com/ reports:

"CCS vulnerability this server is vulnerable to the OpenSSL (CVE-2014-0224) and exploitable. Grade set to F."

But I have already installed fresh OpenSSL:

user @ mydomain: ~ # openssl version

OpenSSL 1.0.2g 1 Mar 2016

And the problem is the same ...

  • Show the dpkg -s openssl and dpkg -s libssl-dev . And check which versions the web server uses. - Andrew Hobbit
  • dpkg -s openssl issued the following: Package: openssl Status: install ok installed Priority: optional Section: utils Installed-Size: 1118 Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org> Architecture: amd64 Version : 1.0.2g-1 + deb.sury.org ~ trusty + 1 Depends: libc6 (> = 2.15), libssl1.0.2 (> = 1.0.2g) Suggests: ca-certificates - Mimishka
  • dpkg -s libssl-dev Package: libssl-dev Status: install ok installed Priority: optional Section: libdevel Installed-Size: 6162 Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> Architecture: amd64 Multi-Arch : same Source: openssl Version: 1.0.1f-1ubuntu2 Depends: libssl1.0.0 (= 1.0.1f-1ubuntu2), zlib1g-dev Recommends: libssl-doc - Mimishka
  • If nginx is used, show the output of nginx -V. Well, you can have detailed information about the Apache. - Andrew Hobbit
  • one
    The problem is solved by reinstalling OpenSSL on version 1.0.1f and Apache 2.4.20! - Mimishka

0